Crash in FBSDKRestrictiveDataFilterManager.m line 80

[clayjonezie]

Checklist

• [X] I've updated to the latest released version of the SDK (we are experiencing this on an older version from previous builds, FBSDK 6.5.0. I do not know if FBSDK 6.5.2 resolves the issue.)
• [X] I've searched for existing GitHub issues
• [X] I've looked for existing answers on Stack Overflow, the Facebook Developer Community Forum and the Facebook Developers Group
• [X] I've read the Code of Conduct
• [x] This issue is not security related and can safely be disclosed publicly on GitHub

Environment

Describe your dev environment here, giving as many details as possible. If you have them, make sure to include:

• Xcode Version: 11.4.1
• FBSDK 6.5.0 (at time of build)

Goals

What do you want to achieve?

We are using FBSDK in our app as an authentication option

Expected Results

What do you expect to happen?

I would like FBSDK to not crash

Actual Results

What actually happened? Can you provide a stack trace?

FBSDK is crashing at a large volume.

Steps to Reproduce

What are the steps necessary to reproduce this issue?

I'm not sure yet, this is happening intermittently (but at a high volume) in the field.

Code Samples & Details

Fatal Exception: NSInvalidArgumentException
0  CoreFoundation                 0x1a5c2896c __exceptionPreprocess
1  libobjc.A.dylib                0x1a5941028 objc_exception_throw
2  CoreFoundation                 0x1a5b26dcc -[NSOrderedSet initWithSet:copyItems:]
3  CoreFoundation                 0x1a5c2d048 ___forwarding___
4  CoreFoundation                 0x1a5c2f3a0 _CF_forwarding_prep_0
5  FBSDKCoreKit                   0x1039830cc +[FBSDKRestrictiveDataFilterManager updateFilters:] + 80 (FBSDKRestrictiveDataFilterManager.m:80)
6  FBSDKCoreKit                   0x103985f34 +[FBSDKServerConfigurationManager processLoadRequestResponse:error:appID:] + 240 (FBSDKServerConfigurationManager.m:240)
7  FBSDKCoreKit                   0x103985750 __78+[FBSDKServerConfigurationManager loadServerConfigurationWithCompletionBlock:]_block_invoke + 161 (FBSDKServerConfigurationManager.m:161)
8  FBSDKCoreKit                   0x103969c5c -[FBSDKGraphRequestMetadata invokeCompletionHandlerForConnection:withResults:error:] + 41 (FBSDKGraphRequestMetadata.m:41)
9  FBSDKCoreKit                   0x103967534 __82-[FBSDKGraphRequestConnection processResultBody:error:metadata:canNotifyDelegate:]_block_invoke + 806 (FBSDKGraphRequestConnection.m:806)
10 FBSDKCoreKit                   0x103967428 -[FBSDKGraphRequestConnection processResultBody:error:metadata:canNotifyDelegate:] + 839 (FBSDKGraphRequestConnection.m:839)
11 FBSDKCoreKit                   0x103967038 __64-[FBSDKGraphRequestConnection completeWithResults:networkError:]_block_invoke + 788 (FBSDKGraphRequestConnection.m:788)
12 CoreFoundation                 0x1a5bfa66c __NSARRAY_IS_CALLING_OUT_TO_A_BLOCK__
13 CoreFoundation                 0x1a5af822c -[__NSArrayM enumerateObjectsWithOptions:usingBlock:]
14 FBSDKCoreKit                   0x103966dfc -[FBSDKGraphRequestConnection completeWithResults:networkError:] + 767 (FBSDKGraphRequestConnection.m:767)
15 FBSDKCoreKit                   0x1039662b0 -[FBSDKGraphRequestConnection completeFBSDKURLSessionWithResponse:data:networkError:] + 634 (FBSDKGraphRequestConnection.m:634)
16 FBSDKCoreKit                   0x10396443c __36-[FBSDKGraphRequestConnection start]_block_invoke_3 + 242 (FBSDKGraphRequestConnection.m:242)
17 libdispatch.dylib              0x1a58ccb7c _dispatch_call_block_and_release
18 libdispatch.dylib              0x1a58cdfd8 _dispatch_client_callout
19 libdispatch.dylib              0x1a58d9cc8 _dispatch_main_queue_callback_4CF
20 CoreFoundation                 0x1a5ba3cc8 __CFRUNLOOP_IS_SERVICING_THE_MAIN_DISPATCH_QUEUE__
21 CoreFoundation                 0x1a5b9ea24 __CFRunLoopRun
22 CoreFoundation                 0x1a5b9df40 CFRunLoopRunSpecific
23 GraphicsServices               0x1afe2e534 GSEventRunModal
24 UIKitCore                      0x1a9d29580 UIApplicationMain
25 AllTrails                      0x10233876c main + 21 (UIDevice+Storage.swift:21)
26 libdyld.dylib                  0x1a5a1ce18 start

[MeGaPk]

Same here :D

[brtylr]

Spotify still down for me for like the past 2 hours or so, the fix aint fixin' shouts into the void

[corecoding]

Does anyone have an official word from Facebook? It feels like a server outage on their end causing the SDK to parse an invalid payload.

[rromanchuk]

spy apps with spy sdks embedded are crashing probably deserved

We get it DHH, you didnt take venture.

[v1ctormoreno]

When Facebook ruins the iOS ecosystem: part 9999 please fix this.

[risaluis]

Works!!🤣🤣

[dgutov]

I choose to think this was a good Samaritan somewhere inside FB who now let all users know which of their apps contact Facebook unconditionally during startup.

[whoisjuan]

Some poor bastard at FB right now.

[SzymonFortuna]

From the user perspective - so interesting to see Spotify crashing for me supposing I didn’t sign up with Facebook.

[dwaite]

Edit: the world is already hard as is. Put yourself in the shoes of the team that is responsible for this. They must be stressed a.f. knowing that they are crashing the whole iOS ecosystem. So stop pressuring them and give them time to peacefully make their fixes. Life goes on.

They should alleviate their stress by removing the telemetry code which is causing this crash. Apps embed this library so that they can let their shared users with Facebook log in; not so that Facebook can track which native apps people are running on their phones.

[johnkassebaum]

There are easy and robust tools for guarding against an eventuality that leads to such significant damage. I, and several at my company, lost an hour+ of productivity, not to mention lost revenue for apps that couldn’t launch to sell or provide their service, or employees that depend on clients being able to order for delivery, etc.. This was no simple mistake; it had lasting damage, the least of which is our crash rate tracking dropping thru the floor. If your code can cause this much damage, that makes you a very large liability.

[kodaewon]

Do you know exactly what the cause of the crash is?

[derekwilling]

I know this is an unpopular opinion but....

https://github.com/facebook/facebook-ios-sdk/blob/9042193ae6f0c2dc8009b65071cf53d434339004/LICENSE#L12

[lucas-tl]

Do you know exactly what the cause of the crash is?

They aren't checking for nil against a dictionary key. Pretty much CS 101 stuff. Oh and they're exchanging data with their servers. Without being explicit about this. During the host app launch process :)

[giankotarola]

I have updated my ios phone to V13.4.1 and Spotify was back as many other apps.

[lucas-tl]

I have updated my ios phone to V13.4.1 and Spotify was back as many other apps.

This has nothing to do with the actual update you just did. It's just that the fix they pushed takes some time to propagate. YMMV.

[ColdGrub1384]

Well, let’s now use dlopen so the entire app doesn’t crash when the framework crashes 😂

[NSKevin]

This crash is just like Google Map's crash a faw days before. Backend data error.......... We should make the third-part lib to be plugin, so we can shut them down online : ] Trust noone -。-、

[yolarrydabomb]

I still don't understand why my Spotify was crashing. I don't use Facebook!

Because their crap code is wrap around the app

[giankotarola]

I have updated my ios phone to V13.4.1 and Spotify was back as many other apps.

This has nothing to do with the actual update you just did. It's just that the fix they pushed takes some time to propagate. YMMV.

@lucas-tl Weird 🤔. I was with two ios devices, both with the apps crashing issue, one was updated to verify if the ios version update could be resolve. When I saw that after the update the apps were back, I updated the other one(that continues with the issues) and then apps were back too. It is Just my experience with the apps crashing problem ✌️

[NikxDa]

Give these guys a break. I'm sure whoever is responsible is having a super shitty day and we all make mistakes. Not a good look calling for the firing of anyone here. Given the size of this piece of software, bugs of this scale are rather rare and it was resolved pretty quickly given that those changes need time to propagate as well.

[lucas-tl]

I have updated my ios phone to V13.4.1 and Spotify was back as many other apps.

This has nothing to do with the actual update you just did. It's just that the fix they pushed takes some time to propagate. YMMV.

@lucas-tl Weird 🤔. I was with two ios devices, both with the apps crashing issue, one was updated to verify if the ios version update could be resolve. When I saw that after the update the apps were back, I updated the other one(that continues with the issues) and then apps were back too. It is Just is my experience with the apps crashing problem ✌️

Yeah I get that. Keep in mind chances are your device flushed DNS cache or something in that process. I can tell you my device went back to normal without doing any update or anything.

[ghost]

Give these guys a break. I'm sure whoever is responsible is having a super shitty day and we all make mistakes. Not a good look calling for the firing of anyone here. Given the size of this piece of software, bugs of this scale are rather rare and it was resolved pretty quickly given that those changes need time to propagate as well.

Still does not change the fact, that the Spy Code is causing Problems... Lets just remove it...

[NikxDa]

Give these guys a break. I'm sure whoever is responsible is having a super shitty day and we all make mistakes. Not a good look calling for the firing of anyone here. Given the size of this piece of software, bugs of this scale are rather rare and it was resolved pretty quickly given that those changes need time to propagate as well.

Still does not change the fact, that the Spy Code is causing Problems... Lets just remove it...

I agree but would still argue that this is a different argument altogether :)

[drey7925]

Can we get a root cause and changes to workflow/testing/process/design to prevent a recurrence of similar issues?

[dfault-user]

this entire thread has me cackling

[austinheap]

Give these guys a break. I'm sure whoever is responsible is having a super shitty day and we all make mistakes. Not a good look calling for the firing of anyone here. Given the size of this piece of software, bugs of this scale are rather rare and it was resolved pretty quickly given that those changes need time to propagate as well.

100% agree -- anyone responsible for SLAs is presumably mature enough to understand this. It is, though, A-grade press fodder 😂

[CoCoKit]

启动后你他娘的瞎更新啥？能不能安分一点儿？？？

[trodick]

Let me just chime in here. As somebody who has had experience, albeit limited, writing software that depends on third-party libraries, this could have been gracefully avoided with better exception handling in the calling code. Anything that is doing something with a server connection should probably be wrapped in a try...catch block. That way, if something upstream does break, or the calling code receives an unexpected value, it can handle the failure without segfaulting and dumping core. I know it's probably a pain in the behind to start wrapping everything in exception-handling code, but it'll save everyone's bacon later on.

[0xmohit]

Every app you run I'll be watching you

[pangia]

Let me just chime in here. As somebody who has had experience, albeit limited, writing software that depends on third-party libraries, this could have been gracefully avoided with better exception handling in the calling code. Anything that is doing something with a server connection should probably be wrapped in a try...catch block. That way, if something upstream does break, or the calling code receives an unexpected value, it can handle the failure without segfaulting and dumping core. I know it's probably a pain in the behind to start wrapping everything in exception-handling code, but it'll save everyone's bacon later on.

not true in this case. no try/catch block and the entire thing was encapsulated in their SDK.

[JoshCheek]

@trodick that's what I was originally thinking, but it sounds like their code may be calling out to FB when it gets loaded, without the calling code even being aware of this. That's based on this comment: https://github.com/facebook/facebook-ios-sdk/issues/1374#issuecomment-624973970 If so, that's a fkn nefarious thing for their code to do, and calling it "spyware" is almost certainly justified, and wiping out everyone else's apps is to be expected. Again, if so, then the problem isn't their release management, it's the nefarious way they wrote their SDK. 🤔 but, I'm not too confident in that comment, because how would it know which credentials to use when talking to FB on startup?

[NSKevin]

启动后你他娘的瞎更新啥？能不能安分一点儿？？？

Please be rational : ]

[FanYouXin]

A spooky morning！

[trodick]

@JoshCheek Hmmm, but that does make me wonder: Given that the library is open-source, shouldn't a security researcher have already found out what it was doing? Or do you think this is something on the remote end and the client library was receiving an inappropriate value that wasn't handled right? If so, then it's both the client and the API endpoint.

[scottorly]

You can disable auto logging app events.

https://developers.facebook.com/docs/app-events/getting-started-app-events-ios

[megs-seek]

You can disable auto logging app events.

https://developers.facebook.com/docs/app-events/getting-started-app-events-ios

Is the logging what is causing the crash? i.e. would this fix the issue?

[WeGamers]

Same ！

[scottorly]

Is the logging what is causing the crash? i.e. would this fix the issue?

Maybe 🤷‍♂️ From what I understand the offending line has to do with the event logging and it seems reasonable to assume that it would ameliorate the issue but I haven't verified it myself.

Is your app still crashing?

[megs-seek]

Is the logging what is causing the crash? i.e. would this fix the issue?

Maybe 🤷‍♂️ From what I understand the offending line has to do with the event logging and it seems reasonable to assume that it would ameliorate the issue but I haven't verified it myself.

Is your app still crashing?

were seeing the crash rate about 1/5 what it was 2 hours ago, but there are still significant amount of crashes. still deciding whether its worth releasing a bug fix or waiting for the problem to disappear.. my guess is just to wait

[ademirev]

Seems that the issue is resolved; Spotify and GroupMe, etc. are all up and running on my end.

[ISusu]

How can i fix this issue?

[ISusu]

Four hours ago, the crash rate of my app reached 18%, then it returned to normal, and now it's 15%. Give me a chance, the boss is going to fire me. What should I do?

[allenday]

Edit: the world is already hard as is. Put yourself in the shoes of the team that is responsible for this. They must be stressed a.f. knowing that they are crashing the whole iOS ecosystem. So stop pressuring them and give them time to peacefully make their fixes. Life goes on.

They should alleviate their stress by removing the telemetry code which is causing this crash. Apps embed this library so that they can let their shared users with Facebook log in; not so that Facebook can track which native apps people are running on their phones.

No, they shouldn't. Facebook has a fiduciary responsibility to their shareholders to monetize surveillance of user behavior.

[ISusu]

It returned to normal now.

[jeannekamikaze]

Just remove the spyware from your software and it will all start working again.

[kazzkiq]

Are we ready to ask the real questions here?

Why the heck does Facebook do unwanted requests during my apps startup? What kind of info are they sending back to their servers?

[poonam-bhadikar]

Is this issue fixed now?

[Kingson]

启动后你他娘的瞎更新啥？能不能安分一点儿？？？

我们的所有App都中招

[Roxasora]

Could someone working for facebook SDK stand out and explain this??😢😢😢😢 This is a real tragedy!! We need to know what happened and why it happened!!😤😤😤😤